from urllib.parse import unquote


a=[]
with open("sql_map1.pcapng","rb") as f:
    for i in f.readlines():
        i1=unquote(i,"utf-8").strip()
        if "id=" in i1 or "Content-Length" in i1:
            a.append(i1)
import re
a1=[]
for i in range(len(a)):
    if "GET" in a[i]:
        i2=re.search(r"id=.*",a[i]).group()
        a1.append(i2)
    else:
        a1.append(a[i])

a2=[]
for i in range(len(a1)):
    if "id=1" in a1[i]:
        i3=a1[i]+a1[i+1]
        a2.append(i3)

aa={}
for i in a2:
    if "flag AS NCHAR" in i:
        tmp=[]
        f1=re.search(r",(\d+),1\)\)>(\d+) AND 'busd'='busd HTTP/1.1Content-Length: (\d+)",i)
        tmp=[int(f1[2]),int(f1[3])]
        aa[f1[1]]=tmp
# print(aa)

rar1=""
for i in aa:
    if aa[i][1]==53:
        rar1+=chr(aa[i][0]+1)
    else:
        rar1 += chr(aa[i][0])

rar1=rar1[:-1]
print(rar1)
import base64
with open("flag.rar","wb") as f:
    f.write(base64.b16decode(rar1))

#密码
passwd={}
for i in a2:
    if "password AS NCHAR" in i:
        tmp=[]
        f1=re.search(r",(\d+),1\)\)>(\d+) AND 'xdzI'='xdzI HTTP/1.1Content-Length: (\d+)",i)
        tmp=[int(f1[2]),int(f1[3])]
        passwd[f1[1]]=tmp
# print(aa)

p1=""
for i in passwd:
    if passwd[i][1]==53:
        p1+=chr(passwd[i][0]+1)
    else:
        p1 += chr(passwd[i][0])
print(p1)